Method of Direct Access and Manipulation of Debuggee Memory from Debugger

1. A computer-implemented method comprising: generating a list of all memory regions of a debuggee and injecting a thread into the debuggee, the injected thread for generating the list and communicating with the debugger, the memory regions comprising old debuggee shared memory regions and private memory regions; adding old debuggee shared memory region handles to the list, each old debuggee shared memory region handle corresponding to an associated old debuggee shared memory region; using the old debuggee shared memory region handles to map the associated old debuggee shared memory regions to a debugger, wherein for each given old debuggee shared memory region mapped to the debugger, a virtual address of the given mapped old debuggee shared memory region used by the debugger matches a virtual address of the given mapped old debuggee shared memory region used by the debuggee; creating and mapping new debugger shared memory regions to the debugger, each new debugger shared memory region corresponding to an associated private memory region of the debuggee; adding new debugger shared memory region handles to the list, each new debugger shared memory region handle corresponding to an associated new debugger shared memory region; and using the new debugger shared memory region handles to map the associated new debugger shared memory regions to the debuggee; wherein creating and mapping new debugger shared memory regions to the debugger comprises: processing each private memory region in the list, the processing further comprising: creating a new debugger shared memory region that matches the size of the private memory region of the debuggee; transferring content of the private memory region of the debuggee to the new debugger shared memory region that matches the size of the private memory region of the debuggee; and freeing the private memory region of the debuggee unless the private memory region is allocated for the injected thread; and mapping the new debugger shared memory regions to respective virtual addresses of the debuggee corresponding to the respective freed private memory regions.

2. The computer-implemented method of claim 1 , further comprising creating the debuggee in a suspended state.

3. The computer-implemented method of claim 1 , further comprising suspending the debuggee.

4. The computer-implemented method of claim 1 , further comprising: upon the injecting a thread into the debuggee, having the debugger sleep until woken up by the injected thread.

5. The computer-implemented method of claim 4 , further comprising: awakening the debugger; and having the injected thread sleep until woken up by the debugger.

6. The computer-implemented method of claim 1 , further comprising reading and writing to the old debuggee shared memory regions and the new debugger shared memory regions.

7. A computer-implemented method comprising: establishing communication with a debugger; hooking an allocate virtual memory function and a free virtual memory function; hooking a map shared memory region function and an unmap shared memory region function; generating a list of all memory regions of a debuggee, the memory regions including old debuggee shared memory regions and private memory regions; processing each memory region in the list to determine if the memory region is an old debuggee shared memory region; upon a determination that the memory region is an old debuggee shared memory region, providing an old debuggee shared memory region handle for the old debuggee shared memory region; storing the list; receiving new debugger shared memory region handles, each new debugger shared memory region handle corresponding to an associated new debugger shared memory region, each new debugger shared memory region corresponding to an associated private memory region of the debuggee, wherein each new debugger shared memory region handle is created through a process comprising: creating a new debugger shared memory region that matches the size of a given private memory region of the debuggee; transferring content of the given private memory region of the debuggee to the new debugger shared memory region that matches the size of the private memory region of the debuggee; and freeing the given private memory region of the debuggee unless the private memory region is allocated for the injected thread; and mapping the new debugger shared memory region to a virtual address of the debuggee corresponding to a memory handle of the freed private memory region; and using the new debugger shared memory region handles to map the associated new debugger shared memory regions to the debuggee.

8. The computer-implemented method of claim 7 , further comprising: suspending the debuggee.

9. The computer-implemented method of claim 8 , further comprising: un-suspending the suspended debuggee.

10. The computer-implemented method of claim 7 , further comprising: upon invocation of the map shared memory region function hook, appending a new debuggee shared memory region to the stored list; providing a new debuggee shared memory region handle associated with the new debuggee shared memory region; and using the new debuggee shared memory region handle to map the new debuggee shared memory region to the debugger.

11. The computer-implemented method of claim 9 , further comprising: upon invocation of the unmap shared memory region function hook, determining a shared memory region being unmapped for the debuggee; and unmapping the shared memory region for the debugger.

12. The computer-implemented method of claim 9 , further comprising: upon invocation of the allocate virtual memory function hook, preventing an attempt to allocate a private memory region for the debuggee; providing information about the private memory region attempted to be allocated; based on the provided information, creating and mapping a new debugger shared memory region to the debugger; providing a new debugger shared memory region handle for the new shared debugger memory region; and using the new debugger shared memory region handle to map the new debugger shared memory region to the debuggee.

13. The computer-implemented method of claim 7 , further comprising: upon invocation of the free virtual memory function hook, unmapping a shared memory region for the debuggee, the shared memory region corresponding to a private memory region attempted to be deallocated; determining the shared memory region being unmapped for the debuggee; unmapping the shared memory region for the debugger; and deallocating the shared memory region.

14. A computer-program product comprising a nontransitory computer readable medium containing computer program code comprising: a debuggee address manipulation application for creating a debuggee in a suspended state; the debuggee address manipulation application further for injecting a thread into the debuggee; the debuggee address manipulation application further for establishing communication with a debugger; the debuggee address manipulation application further for hooking an allocate virtual memory function, a free virtual memory function, a map shared memory region function and an unmap shared memory region function; the debuggee address manipulation application further for generating a list of all memory regions for the debuggee, the memory regions comprising old debuggee shared memory regions and private memory regions; the debuggee address manipulation application further for providing old debuggee shared memory region handles, each old debuggee shared memory region handle corresponding to an associated old debuggee shared memory region; the debuggee address manipulation application further for using the old debuggee shared memory region handles to map the associated old debuggee shared memory regions to the debugger; the debuggee address manipulation application further for creating and mapping new debugger shared memory regions, each new debugger shared memory region corresponding to an associated private memory region of the debuggee; the debuggee address manipulation application further for transferring content of the private memory regions of the debuggee to the corresponding new debugger shared memory regions; the debuggee address manipulation application further for freeing the private memory regions of the debuggee; the debuggee address manipulation application further for providing new debugger shared memory region handles, each new debugger shared memory region handle corresponding to an associated new debugger shared memory region; the debuggee address manipulation application further for using the new debugger shared memory region handles to map the new debugger shared memory regions to the debuggee; the debuggee address manipulation application further for un-suspending the debuggee; and the debuggee address manipulation application further for reading and writing to the old debuggee shared memory regions and the new debugger shared memory regions; wherein creating and mapping new debugger shared memory regions to the debugger comprises: processing each private memory region in the list, the processing further comprising: creating a new debugger shared memory region that matches the size of the private memory region of the debuggee; transferring content of the private memory region of the debuggee to the new debugger shared memory region that matches the size of the private memory region of the debuggee; and freeing the private memory region of the debuggee unless the private memory region is allocated for the injected thread; and mapping the new debugger shared memory regions to respective virtual addresses of the debuggee corresponding to the respective freed private memory regions.

15. The computer-program product of claim 14 , whereupon invocation of the map shared memory region function hook to create a new debuggee shared memory region, the debuggee address manipulation application is further for: providing a new debuggee shared memory region handle; and using the new debuggee shared memory region handle to map the new debuggee shared memory region to the debugger.

16. The computer-program product of claim 14 , whereupon invocation of the unmap shared memory region function hook to unmap a shared memory region for the debuggee, the debuggee address manipulation application is further for: determining the shared memory region being unmapped; and unmapping the shared memory region for the debugger.

17. The computer-program product of claim 14 , whereupon invocation of the allocate virtual memory function hook to allocate a private memory region for the debuggee, the debuggee address manipulation application is further for: preventing the allocate virtual memory function from allocating the private memory region; providing information about the private memory region; based on the provided information, creating and mapping a new debugger shared memory region to the debugger; providing a new debugger shared memory region handle for use of the new debugger shared memory region by the debuggee; and using the new debugger shared memory region handle to map the new debugger shared memory region to the debuggee.

18. The computer-program product of claim 14 , whereupon invocation of the free virtual memory function hook to deallocate a private memory region of the debuggee, the debuggee address manipulation application is further for: unmapping a shared memory region corresponding to the private memory region attempted to be deallocated; determining the shared memory region being unmapped for the debuggee; unmapping the shared memory region for the debugger; and deallocating the shared memory region.